Google protobuf-java 3.21.0

CPE Details

Google protobuf-java 3.21.0
google
protobuf-java
3.21.0
2022-10-13
14h55 +00:00
2022-12-13
19h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:google:protobuf-java:3.21.0:*:*:*:*:*:*:*

Informations

Vendor

google

Product

protobuf-java

Version

3.21.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-3510 2022-11-11 16h35 +00:00 A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5
High
CVE-2022-3509 2022-11-01 18h09 +00:00 A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5
High
CVE-2022-3171 2022-10-11 22h00 +00:00 A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5
High